Revert "tracelog disabled by default in /etc/firejail/firejail.config file"

This reverts commit 6e687c30110a52f267c1779c4eeab82bded9cb77.

Part of reverting commits with Landlock-related changes.

6 files changed, 23 insertions, 33 deletions

diff --git a/README b/README
index 1aa2b4260..3e0f043a6 100644
--- a/README
+++ b/README
@@ -252,8 +252,6 @@ cayday (https://github.com/caydey)
 Christian Pinedo (https://github.com/chrpinedo)
         - added nicotine profile
         - allow python3 in totem profile
-ChrysoliteAzalea (https://github.com/ChrysoliteAzalea)
-        - Landlock support
 creideiki (https://github.com/creideiki)
         - make the sandbox process reap all children
         - tor browser profile fix
diff --git a/etc/firejail.config b/etc/firejail.config
index e8bf45751..9d37b4d8a 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -57,11 +57,6 @@
 # to the specified period of time to allow sandbox setup to finish.
 # join-timeout 5
 
-# tracelog enables auditing blacklisted files and directories. A message
-# is sent to syslog in case the file or the directory is accessed.
-# Disabled by default.
-# tracelog no
-
 # Enable or disable sandbox name change, default enabled.
 # name-change yes
 
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 62b8c4dc4..e2fab1265 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -62,7 +62,6 @@ int checkcfg(int val) {
                 cfg_val[CFG_CHROOT] = 0;
                 cfg_val[CFG_SECCOMP_LOG] = 0;
                 cfg_val[CFG_PRIVATE_LIB] = 0;
-                cfg_val[CFG_TRACELOG] = 0;
 
                 // open configuration file
                 const char *fname = SYSCONFDIR "/firejail.config";
@@ -112,7 +111,6 @@ int checkcfg(int val) {
                         PARSE_YESNO(CFG_SECCOMP, "seccomp")
                         PARSE_YESNO(CFG_NETWORK, "network")
                         PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network")
-                        PARSE_YESNO(CFG_TRACELOG, "tracelog")
                         PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title")
                         PARSE_YESNO(CFG_OVERLAYFS, "overlayfs")
                         PARSE_YESNO(CFG_PRIVATE_BIN, "private-bin")
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index a3b38b5e0..9c2b53c18 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -32,6 +32,25 @@
 // debug restricted shell
 //#define DEBUG_RESTRICTED_SHELL
 
+#ifdef HAVE_LANDLOCK
+
+extern int landlock_create_ruleset(struct landlock_ruleset_attr *rsattr,size_t size,__u32 flags);
+
+extern int landlock_add_rule(int fd,enum landlock_rule_type t,void *attr,__u32 flags);
+
+extern int landlock_restrict_self(int fd,__u32 flags);
+
+extern int create_full_ruleset();
+
+extern int add_read_access_rule_by_path(int rset_fd,char *allowed_path);
+
+extern int add_write_access_rule_by_path(int rset_fd,char *allowed_path);
+
+extern int add_create_special_rule_by_path(int rset_fd,char *allowed_path);
+
+extern int add_execute_rule_by_path(int rset_fd,char *allowed_path);
+
+#endif
 
 // profiles
 #define DEFAULT_USER_PROFILE    "default"
@@ -838,7 +857,6 @@ enum {
         // CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv
         CFG_ALLOW_TRAY,
         CFG_SECCOMP_LOG,
-        CFG_TRACELOG,
         CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;
@@ -945,16 +963,4 @@ void run_ids(int argc, char **argv);
 // oom.c
 void oom_set(const char *oom_string);
 
-// landlock.c
-#ifdef HAVE_LANDLOCK
-int landlock_create_ruleset(struct landlock_ruleset_attr *rsattr,size_t size,__u32 flags);
-int landlock_add_rule(int fd,enum landlock_rule_type t,void *attr,__u32 flags);
-int landlock_restrict_self(int fd,__u32 flags);
-int create_full_ruleset();
-int add_read_access_rule_by_path(int rset_fd,char *allowed_path);
-int add_write_access_rule_by_path(int rset_fd,char *allowed_path);
-int add_create_special_rule_by_path(int rset_fd,char *allowed_path);
-int add_execute_rule_by_path(int rset_fd,char *allowed_path);
-#endif
-
 #endif
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 1daf0da35..3f0dc960a 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -348,8 +348,7 @@ errout:
 
 
 static void exit_err_feature(const char *feature) {
-        fprintf(stderr, "Error: %s feature is disabled in Firejail configuration file %s\n",
-                feature, SYSCONFDIR "/firejail.config");
+        fprintf(stderr, "Error: %s feature is disabled in Firejail configuration file\n", feature);
         exit(1);
 }
 
@@ -1571,12 +1570,8 @@ int main(int argc, char **argv, char **envp) {
                                 arg_tracefile = tmp;
                         }
                 }
-                else if (strcmp(argv[i], "--tracelog") == 0) {
-                        if (checkcfg(CFG_TRACELOG))
-                                arg_tracelog = 1;
-                        else
-                                exit_err_feature("tracelog");
-                }
+                else if (strcmp(argv[i], "--tracelog") == 0)
+                        arg_tracelog = 1;
                 else if (strncmp(argv[i], "--rlimit-cpu=", 13) == 0) {
                         check_unsigned(argv[i] + 13, "Error: invalid rlimit");
                         sscanf(argv[i] + 13, "%llu", &cfg.rlimit_cpu);
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 9f677c11d..9a2f8c82c 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -372,9 +372,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 return 0;
         }
         else if (strcmp(ptr, "tracelog") == 0) {
-                if (checkcfg(CFG_TRACELOG))
-                        arg_tracelog = 1;
-                // no warning, we have tracelog in over 400 profiles
+                arg_tracelog = 1;
                 return 0;
         }
         else if (strcmp(ptr, "private") == 0) {